{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8139c2fd-440d-5a35-81d0-c6240ec029f1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-transports-http", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8470d5da-e8df-54a1-b45f-0a864b2d27ed", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b6166665-6b95-55dd-9a64-3c135c3b2993", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:879813b3-36e8-55e8-98b8-b1a61022f04e", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:52cefb26-752f-511a-acab-51ffd7464ef1", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c72fa813-593a-56e5-b452-afb7f65478bb", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7ab4e057-b621-54c2-bf8d-e44be5bb8d57", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6ac0f20e-b9f4-5294-9724-fd3ec325f918", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f2cc8171-b7ef-5712-9d43-12b03c4e62f2", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:907b9de9-5949-504b-ba2b-d5f3e86db640", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9616f1bd-495a-54b7-8ee3-900ed4cf9faf", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:692bf293-c201-511e-9cbf-1a22be34feec", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8b6a8868-b6f3-5821-9677-9914fb8b9ba9", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ec9cd8f2-82fb-5501-8e17-32e9cc1b9356", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c7a3f7bb-7577-567a-b814-05f662e94c89", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5f740d16-6b22-530c-b6b6-fe20df177da1", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c31251a9-0b84-56e7-8fed-ac7f56f364b0", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7471d670-96de-56b5-b7d4-55283c4ce3f5", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-transports-http 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ee4aa9ae-6d55-58d9-978d-4d1e66239f88", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:15fe776d-f902-5f16-b692-ed20f6334fbe", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de91b07f-574d-5c2f-bf1f-f71c257f24f3", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3aacbe46-482d-5f7c-bff6-0d962cca1647", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ae6599f-787b-5b92-b3f0-677d02ba3205", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:af2e8fa0-337e-55cb-b8bc-1cb73d6c1eb3", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9f585509-94c4-5d7e-8527-45a5cd715455", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:47bdd268-7ec7-5934-b725-3cbd4227f62d", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:971cb5b6-1c26-592e-9c42-aa700cb3b24e", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-transports-http 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f9fdf297-8158-5f63-9059-bf7b69ba50bb", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1e800ecd-1d6e-58c2-8f10-49861d0dee4b", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:82a7da5b-6350-5240-9a02-b198242a5b7f", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:71a84ac1-cf91-5340-88f3-5718ca731707", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-transports-http 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:31776e22-4678-5cbb-bb29-b2249f265efb", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb38a248-2ad8-5b89-9cb0-b074dac8b43d", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:17100197-1eae-5c90-943b-44042bad3928", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:709b3841-ff2c-59a4-ad93-000b02c5a516", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9-tuxcare.4" } ] }